AWS Security ChangesHomeSearch

AWS cognito documentation change

Service: cognito · 2025-03-02 · Documentation low

File: cognito/latest/developerguide/cognito-user-pools-specifying-attribute-mapping.md

Summary

Updated documentation about how Amazon Cognito handles multiple values in IdP attributes, adding clarification about square-bracket characters

Security assessment

The change is a documentation clarification about attribute handling with no indication of security implications or security features being added

Diff

diff --git a/cognito/latest/developerguide/cognito-user-pools-specifying-attribute-mapping.md
index f16e06a13..daf7d2fb7 100644
--- a/cognito/latest/developerguide/cognito-user-pools-specifying-attribute-mapping.md
+++ b/cognito/latest/developerguide/cognito-user-pools-specifying-attribute-mapping.md
@@ -48 +48 @@ In case-insensitive user pools, your Lambda triggers that process the username m
-  * When IdP attributes contain multiple values, Amazon Cognito flattens all values into a single comma-delimited string and URL form-encodes the values containing non-alphanumeric characters (excluding the ‘`.`’, ‘`-`’, ‘`*`’, and ‘`_`’ characters). You must decode and parse the individual values before you use them in your app.
+  * When IdP attributes contain multiple values, Amazon Cognito flattens all values into a single comma-delimited string enclosed in the square-bracket characters `[` and `]`. Amazon Cognito URL form-encodes the values containing non-alphanumeric characters except for `.`, `-`, `*`, and `_`. You must decode and parse the individual values before you use them in your app.